commit ac5b8e74f4b07ee0e2ab25745519417711bdf576 Author: Damian Johnson atagar@torproject.org Date: Tue Jul 17 09:27:31 2012 -0700
Tests for is_exiting_allowed() and can_exit_to()
Tests for a couple more ExitPolicy methods, and fixes for issues with is_exiting_allowed() that they revealed. --- stem/exit_policy.py | 12 ++++++-- test/unit/exit_policy/policy.py | 57 +++++++++++++++++++++----------------- 2 files changed, 40 insertions(+), 29 deletions(-)
diff --git a/stem/exit_policy.py b/stem/exit_policy.py index 12cc11f..2d00553 100644 --- a/stem/exit_policy.py +++ b/stem/exit_policy.py @@ -131,11 +131,17 @@ class ExitPolicy(object): Provides True if the policy allows exiting whatsoever, False otherwise. """
+ rejected_ports = set() for rule in self._rules: if rule.is_accept: - return True - elif rule.is_address_wildcard() and rule.is_port_wildcard(): - return False + for port in xrange(rule.min_port, rule.max_port + 1): + if not port in rejected_ports: + return True + elif rule.is_address_wildcard(): + if rule.is_port_wildcard(): + return False + else: + rejected_ports.update(range(rule.min_port, rule.max_port + 1))
return self._is_allowed_default
diff --git a/test/unit/exit_policy/policy.py b/test/unit/exit_policy/policy.py index 51d650c..8b74998 100644 --- a/test/unit/exit_policy/policy.py +++ b/test/unit/exit_policy/policy.py @@ -57,6 +57,37 @@ class TestExitPolicy(unittest.TestCase): policy.set_default_allowed(False) self.assertFalse(policy.is_exiting_allowed())
+ def test_can_exit_to(self): + # Basic sanity test for our can_exit_to() method. Most of the interesting + # use cases (ip masks, wildcards, etc) are covered by the ExitPolicyRule + # tests. + + policy = ExitPolicy('accept *:80', 'accept *:443', 'reject *:*') + + for i in xrange(1, 500): + ip_addr = "%i.%i.%i.%i" % (i / 2, i / 2, i / 2, i / 2) + expected_result = i in (80, 443) + + self.assertEquals(expected_result, policy.can_exit_to(ip_addr, i)) + self.assertEquals(expected_result, policy.can_exit_to(port = i)) + + def test_is_exiting_allowed(self): + test_inputs = { + (): True, + ('accept *:*', ): True, + ('reject *:*', ): False, + ('accept *:80', 'reject *:*'): True, + ('reject *:80', 'accept *:80', 'reject *:*'): False, + ('reject *:50-90', 'accept *:80', 'reject *:*'): False, + ('reject *:2-65535', 'accept *:80-65535', 'reject *:*'): False, + ('reject *:2-65535', 'accept 127.0.0.0:1', 'reject *:*'): True, + ('reject 127.0.0.1:*', 'accept *:80', 'reject *:*'): True, + } + + for rules, expected_result in test_inputs.items(): + policy = ExitPolicy(*rules) + self.assertEquals(expected_result, policy.is_exiting_allowed()) +
def test_parsing(self): """ @@ -93,32 +124,6 @@ class TestExitPolicy(unittest.TestCase): self.assertRaises(ValueError, stem.exit_policy.ExitPolicy, "accept *:a") self.assertRaises(ValueError, stem.exit_policy.ExitPolicy, "accept *:70000")
- def test_can_exit_to(self): - """ - Tests if exiting to this ip is allowed. - """ - - exit_policies = stem.exit_policy.ExitPolicy("accept *:80", "accept *:443", "reject *:*") - - self.assertTrue(exit_policies.can_exit_to("192.168.0.50", 80)) - self.assertTrue(exit_policies.can_exit_to("192.168.0.50", 443)) - - self.assertFalse(exit_policies.can_exit_to("192.168.0.50", 22)) - self.assertFalse(exit_policies.can_exit_to("192.168.0.50", 8118)) - - def test_is_exiting_allowed(self): - """ - Tests if this is an exit node - """ - - exit_policies = stem.exit_policy.ExitPolicy("accept *:80", "accept *:443", "reject *:*") - - self.assertTrue(exit_policies.is_exiting_allowed()) - - exit_policies = stem.exit_policy.ExitPolicy("reject *:*") - - self.assertFalse(exit_policies.is_exiting_allowed()) - def test_microdesc_exit_parsing(self): microdesc_exit_policy = stem.exit_policy.MicrodescriptorExitPolicy("accept 80,443")